Virumode -virtumundo-downloader-drivecleaner 2006


2 replies to this topic

#1 pberryman

Posted 31 August 2007 - 06:57 PM

Hello,

A couple of weeks ago Symantec told me I had the Virtumundo trojan horse. At that point, I thought viruses were like you see on TV and the movies, that my data/pics/docs/whatever were all doomed and my hard drive would crash any second. I called my IT father-in-law, who told me to run the scans then look up the virus on Google to find out how to fix it. I downloaded some tools that seemed to fix the problem--I had been getting pop-ups (one I remember I have now again-- "Crush calculator" also a lot of MySpace crap).

A couple weeks went by with no problems, though I or my wife must have gone back to the site where we got it or never got rid of it or I think I may have accidentally clicked on a bogus antivirus upgrade, because that has been constantly popping up--I forget the details, but it should come up soon, that one has been constant. Now, instead of Virtumundo showing up in the Symantec antivirus notification window, it says I have "Downloader" (clean: failed Quarantine: failed Access denied).

Also, I was reading in a book about Spybot - Search & Destroy, which my father-in-law must have installed last time he was in town. This removed some stuff, then was telling me I had Virtumonde and several Drivecleaner 2006 and that it couldn't fix it. I also have Ad-Aware, which did not do much of anything. I remembered "safe mode" from my previous experience, and ran a Symantec scan there, but it did not find anything.

Please help!

#2 buddy215

Posted 31 August 2007 - 07:51 PM

Bleeping Computer tutorial on removing Drive Cleaner:
http://www.bleepingcomputer.com/forums/t/71782/how-to-remove-drivecleaner-2006-removal-instructions/

Install Super Antispyware. Run it in safe mode. Allow it to quarantine whatever it finds.
http://www.superantispyware.com/

Run the online scan for Bit Defender in normal mode. Allow it to quarantine whatever it finds.
http://www.bitdefender.com/scan8/ie.html

--------------------------------------------------------------------------------

Post a Hijack This Log in the Hijack This Forum by following the directions in the link below if the programs above have not removed ALL malware. DO NOT post a log in this forum. http://www.bleepingcomputer.com/forums/t/34773/preparation-guide-for-use-before-using-malware-removal-tools-and-requesting-help/

#3 quietman7

Posted 31 August 2007 - 10:41 PM

Some variants of Vundo may not be detected by VundoFix, so the "add more files" option is another way of ridding this malware. However, these files need to be identified, and posting a HijackThis log will enable an expert to advise you which files to add if you continue to have problems. If you still have problems after following the steps in the self-help guide, then you should post a HijackThis log.

However, you need to rename HijackThis before using it and saving a log. Some variants of this malware will hide certain entries in a HijackThis log to prevent detection.

After installation, open the HijackThis folder, find the HijackThis.exe file, right-click on it and select "rename". Type Scanner.exe and hit "Enter". Double-click on Scanner.exe (which is still HijackThis), run a scan, save the log file and copy/paste it into a new topic in the HijackThis Logs and Analysis Forum, NOT here, for assistance by the HJT Team Experts.

Edited by quietman7, 31 August 2007 - 10:47 PM.
